SY0-601 Dumps 2023 - Pass4itSure

While preparing for the CompTIA Security+ 2023 exam, have you found that you put in a lot of thought but can never get started, or spend a lot of time without getting good results? If so, you haven't found good SY0-601 dumps 2023. Focus your energy where it matters most!

Pass4itSure SY0-601 dumps https://www.pass4itsure.com/sy0-601.html collects questions from the latest SY0-601 exam, available in PDF or VCE format, to help you focus on challenging the CompTIA SY0-601 exam.

Want to pass the CompTIA SY0-601 exam fast? Want to get free CompTIA Security+ SY0-601 exam questions? It’s all possible here.

SY0-601 exam difficulty level depends on your concentration

Good steel is used on the blade. The same goes for preparing for the SY0-601 exam. People’s energy is limited, and they can’t work hard here today and prepare here tomorrow, which is ineffective. You need to focus on where it matters most – and the latest SY0-601 dumps (Pass4itSure) can help you do just that.

Pass4itSure concentrates entirely on the most important elements of your SY0-601 exam

Pass4itSure SY0-601 dumps provide unique, compact, and complete content that can save valuable time searching for your own learning content and won’t waste your energy on unnecessary, boring, and incomplete preliminary content, ensuring you focus effectively on preparing for the SY0-601 exam.

Don’t waste your time! Come and learn SY0-601 dumps free exam questions and answers

Here are some new CompTIA SY0-601 exam questions:

SY0-601 Q1:

A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?

A. Open the document on an air-gapped network

B. View the document's metadata for origin clues

C. Search for matching file hashes on malware websites

D. Detonate the document in an analysis sandbox

Correct Answer: D


SY0-601 Q2:

A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:


Which of the following steps would be best for the security engineer to take NEXT?

A. Allow DNS access from the internet.

B. Block SMTP access from the Internet

C. Block HTTPS access from the Internet

D. Block SSH access from the Internet.

Correct Answer: D


SY0-601 Q3:

A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:


Which of the following attacks MOST likely occurred?

A. Dictionary

B. Credential-stuffing

C. Password-spraying

D. Brute-force

Correct Answer: D

“Brute force attack in which stolen user account names and passwords are tested against multiple websites.” CompTIA SY0-601 Official Study Guide, Page 690. This is a poorly worded question, and while credential stuffing is a type of brute force attack, the information given does not indicate multiple websites. At best, this looks like a password-spraying attack, but it is more likely a brute-force attack. Also, note the output reads “username” and not “username” – perhaps irrelevant, but the little things can and do matter.


SY0-601 Q4:

A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:


Which of the following network attacks is the researcher MOST likely experiencing?

A. MAC cloning

B. Evil twin

C. Man-in-the-middle

D. ARP poisoning

Correct Answer: C

SY0-601 Q5:

Which of the following are requirements that must be configured for PCI DSS compliance? (Select TWO).

A. Testing security systems and processes regularly

B. Installing and maintaining a web proxy to protect cardholder data

C. Assigning a unique ID to each person with computer access

D. Encrypting transmission of cardholder data across private networks

E. Benchmarking security awareness training for contractors

F. Using vendor-supplied default passwords for system passwords

Correct Answer: AC

https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security


SY0-601 Q6:

A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

A. SIEM

B. SIEM

C. Firewall rules

D. DLP

Correct Answer: C


SY0-601 Q7:

A company is designing the layout of a new data center so it will have an optimal environmental temperature. Which of the following must be included? (Select TWO)

A. An air gap

B. A cold aisle

C. Removable doors

D. A hot aisle

E. An IoT thermostat

F. A humidity monitor

Correct Answer: BD


SY0-601 Q8:

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

A. Persistence

B. Buffer overflow

C. Privilege escalation

D. Pharming

Correct Answer: C

https://en.wikipedia.org/wiki/Privilege_escalation#:~:text=Privilege%20escalation%20is%20the%20act,from%20an%20application%20or%20user

SY0-601 Q9:

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds.

Which of the following cryptographic techniques would BEST meet the requirement?

A. Asymmetric

B. Symmetric

C. Homomorphic

D. Ephemeral

Correct Answer: C

“In a nutshell, homomorphic encryption is a method of encryption that allows any data to remain encrypted while it's being processed and manipulated. It enables you or a third party (such as a cloud provider) to apply functions on encrypted data without needing to reveal the values of the data.”

https://www.thesslstore.com/blog/what-is-homomorphic-encryption/ https://en.wikipedia.org/wiki/Homomorphic_encryption


SY0-601 Q10:

Which of the following will MOST likely cause machine learning and AI-enabled systems to operate with unintended consequences?

A. Stored procedures

B. Buffer overflows

C. Data bias

D. Code reuse

Correct Answer: C

https://lionbridge.ai/articles/7-types-of-data-bias-in-machine-learning/ https://bernardmarr.com/default.asp?contentID=1827

SY0-601 Q11:

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

A. An incident response plan

B. A communications plan

C. A business continuity plan

D. A disaster recovery plan

Correct Answer: A


SY0-601 Q12:

A company uses specially configured workstations for any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred at one of the workstations. The root cause appears to be that the SoC was tampered with or replaced.

Which of the following MOST likely occurred?

A. Fileless malware

B. A downgrade attack

C. A supply-chain attack

D. A logic bomb

E. Misconfigured BIOS

Correct Answer: C


SY0-601 Q13:

A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?

A. Physical

B. Detective

C. Preventive

D. Compensating

Correct Answer: D

SY0-601 Q14:

A network engineer needs to build a solution that will allow guests at the company's headquarters to access the Internet via WiFi. This solution should not allow access to the internal corporate network, but it should require guests to sign off on the acceptable use policy before accessing the Internet. Which of the following should the engineer employ to meet these requirements?

A. Implement open PSK on the APs

B. Deploy a WAF

C. Configure WIPS on the APs

D. Install a captive portal

Correct Answer: D


SY0-601 Q15:

During an incident response process involving a laptop, a host was identified as the entry point for malware. The management team would like to have the laptop restored and given back to the user. The cybersecurity analyst would like to continue investigating the intrusion on the host. Which of the following would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible?

A. dd

B. mem dump

C. tcpdump

D. head

Correct Answer: C

Latest SY0-601 pdf free download: https://drive.google.com/file/d/1K34tTP8WCdNOxo2OUrlqscdaEirpTVDZ/view?usp=share_link

Now, are you ready? Get the full SY0-601 dumps, at this address https://www.pass4itsure.com/sy0-601.html and focus on preparing for the CompTIA Security+ 2023 exam.

How to pass the Salesforce CRT-261 exam in 3 easy steps?

1. Research: Read through our resources (https://www.pass4itsure.com/crt-261.html Pass4itsure CRT-261 dumps) and make a study plan.

2. Study: Spend a lot of time here. It is recommended that you practice the CRT-261 exam questions first and then continue to practice. Make sure to gain practical experience.

3. Pass: Pass4itsure ensures that you update for free within 365 days to maximize your chances.

Premium Quality Salesforce CRT-261 PDF Dumps

[100% Free] Salesforce CRT-261 PDF Dumps https://drive.google.com/file/d/1RaagqbKHsAN3EC6lJdfLa_SpfnYGmxyC/view?usp=sharing

Use Our Salesforce Service Cloud Consultant CRT-261 Exam Questions

QUESTION 1
Universal Containers has a single contact center that handles all service requests including chat, Cases, and web form
submissions. It is important that Reps are assigned work evenly so that all requests are handled in the order they are
received.
How would a Consultant address this requirement?
A. Configure Case Assignment Rules
B. Configure Omni-Channel with Most Available Routing
C. Configure Live Agent Skills-based Routing
D. Configure Omni-Channel with Least Active Routing
Correct Answer: B


QUESTION 2
Universal Containers assigns its contact center agents to certain interaction channels and would like to optimize the
agents' desktop based on their assigned interaction channels. What is the best solution?
A. Create multiple agent console applications and configure the layout based on the user's requirements.
B. Create multiple Salesforce Console for Service applications and configure them based on user's requirements.
C. Create case page layouts for each interaction channel and assign them to different agent profiles.
D. Create a Salesforce Console for Service layout and allow the agents to drag and drop the components they need.
Correct Answer: B


QUESTION 3
Case escalation rules triggered on the last modification will be reset each time a user does which of the following
actions?
A. Reads the case
B. Adds a related comment to the case
C. Adds an activity or sends an email from the case record
D. Edits the case
E. All of the above
Correct Answer: D

QUESTION 4
In the telesales contact center, Universal Containers has three-step and five-step order processes, contingent on the type
of product sold. Which approach should be used to optimize the order process? Choose 2 answers
A. Use Visualforce to create a wizard for each process
B. Organize the fields on the page layout to match each process
C. Use Visual Workflow to streamline the process
D. Create a custom object for each step in the process
Correct Answer: BC


QUESTION 5
Which feature should a Consultant recommend to allow a Tier 2 Service Representative to take over case processing
from Tier 1 and know how far Tier 1 had progressed in troubleshooting?
A. Service Console Macros
B. Lightning Guided Engagement
C. Path for Cases
D. Lightning Flow Component
Correct Answer: B


QUESTION 6
Universal Containers wants customers to have the ability to log cases with structured data and route based on Urgency
and Product Line. How should a Consultant accomplish this?
A. Standard Email-to-Case with assignment rules
B. Lightning Email with web routing prioritization
C. Omni-Channel with prioritized queues
D. Standard Web-to-Case with assignment rules
Correct Answer: A

QUESTION 7
Universal Containers is implementing a CTI solution for its inbound service and support contact center. Currently, the
company handles only existing customers with support issues. The contact center manager has been tasked with improving sales for the premier support offering. What key metrics can be expected to improve following the CTI
implementation? (Choose 2)
A. Average days to close
B. Average handle time
C. First call resolution
D. Abandon rate
Correct Answer: CD

QUESTION 8
A consulting firm has been retained to implement a new Service Cloud platform for a company. This company requires
quick iterations and a speedy project completion. The company has requested frequent project updates for check-ins
and refinement. Which methodology should the Consultant recommend to meet the given requirements?
A. Kanban
B. Lightning Platform
C. Agile
D. Waterfall
Correct Answer: C

QUESTION 9
To manage the publishing lifecycle for articles in Salesforce Knowledge, the contact center director wants to provide
article with various publishing capabilities. What configuration should be recommended to meet this objective?
A. Assign article managers to public groups and specific article actions to each group.
B. Assign article managers to publication teams and specific article actions to each team.
C. Assign article managers to public groups and specific publication states to each group.
D. Assign article managers to publication teams and specific publication states to each team.
Correct Answer: A

QUESTION 10
Universal Containers CFO is looking for ways to reduce contact center costs. Which customer service metric should the
CFO monitor to reach the budget goals? (Choose 2)
A. First call resolution
B. Average handle time
C. Upsell percentage
D. Customer retention
Correct Answer: AB

QUESTION 11
What metrics should a contact center manager consider to measure adoption of Salesforce Knowledge? (Choose 2)
A. Number of cases escalated by agent
B. Number of articles created by agent
C. Number of articles attached to a case
D. Number of solutions created by agent
Correct Answer: BC


QUESTION 12
Which feature should a Consultant configure to allow global Service Reps to call customers from within the Lightning
Service Console?
A. Open CTI
B. Macros
C. Local Presence
D. Lightning Dialer
Correct Answer: D


QUESTION 13
What are some uses of www.trust.salesforce.com in business continuity planning? (Choose 3)
A. To provide online security threat information
B. To provide live and historical data on system performance
C. To provide information planning planned maintenance
D. To provide live support for system and data backup
E. To provide best practices for continuity plans
Correct Answer: ABC

You may be interested in other exam practice questions shared by Javacexam.

Salesforce CRT-261 Exam learning (YouTube)

Pass4itsure Discount Code 2020

The latest discount code “2020PASS” is provided below.


If you are looking for a discounted offer, then you are in good hands. At Pass4itsure, you will be able to receive Salesforce CRT-261 dumps pdf that will help you prepare for the real exam.

What customers say about Pass4itsure


Summarize:

At Pass4itsure, providing highly reliable Salesforce CRT-261 exam dumps so you can easily prepare for the real exam. Follow the above three steps, click https://www.pass4itsure.com/crt-261.html to get the exam success!

Welcome to Javacexam!
We share real and effective exam dumps for free for years!
The latest Cisco 300-550 Exam dumps help you improve your exam pass rate, and Cisco 300-550 Exam Practice Tests test your skills! We also offer 300-550 PDF online download and 300-550 YouTube video learning. Helping you is something we insist on doing!
Easily pass the exam you can choose official exam training: Designing and Implementing Cisco Network Programmability (NPDESI) v1.0 – Self-paced E-Learning Designing and Implementing Cisco Network Programmability (NPDESI) – Instructor-led Training Or choose our recommended Pass4itsure 300-550 (year-round update! Guaranteed first attempt to pass!): https://www.pass4itsure.com/300-550.html

[PDF] Free Cisco 300-550 pdf dumps download from Google Drive: https://drive.google.com/open?id=1CDd6_oeFpz6X-1N4HqQxb_tFP4O5NvQ6

[PDF] Free Full Cisco pdf dumps download from Google Drive: https://drive.google.com/drive/folders/1dq6fv9FX6zSDDoHc3ge-WzVU9SNaUbsH

300-550 NPDESI – Cisco: https://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/npdesi.html#~train

Latest effective Cisco 300-550 Exam Practice Tests

QUESTION 1
Which statement about an agentless configuration management system is true?
A. It requires managed hosts to have an interpreter for a high-level language such as Python or Ruby.
B. It uses existing protocols to interface with the managed host.
C. It uses compiled languages as the basis of the domain-specific language to interface with managed
hosts.
D. It requires managed hosts to connect to a centralized host to receive updated configurations.
E. It requires a software package to be installed on the managed host.
Correct Answer: B

 

QUESTION 2
Which two protocols can the Cisco APIC-EM use to communicate with supported platforms? (Choose two.)
A. OpFlex
B. SNMPv2c
C. SSH
D. HTTPS
E. RPC
F. OpenFlow
Correct Answer: AB

 

QUESTION 3
You are developing a YANG data model to represent the functionality of a new network application. Which
two YANG statements do you use to organize the model into a hierarchy? (Choose two.)
A. module
B. grouping
C. submodule
D. augment
E. container
Correct Answer: BE

 

QUESTION 4
Which two queries are supported to access objects within the ACI Management Information Tree?
(Choose two.)
A. DN query
B. fabric query
C. RN query
D. class query
E. property query
Correct Answer: AB

 

QUESTION 5
How many Cisco APICs must fail, in order for a customer running an ACI fabric with a cluster of five APICs
to experience data loss?
A. 4
B. 3
C. 1
D. 2
E. 5
Correct Answer: B

 

QUESTION 6
Which statement about Cisco ASA REST API calls is true?
A. GET and POST methods are supported, whereas PUT is not supported.
B. Calls block other security management protocols, such as Cisco ASDM.
C. Changes to the configuration are automatically written to the startup configuration.
D. The Cisco ASA REST agent must first be enabled on the CLI.
Correct Answer: B

 

QUESTION 7
Which two security techniques are important to implement a secured management network that is used to
access the management plane of a Cisco APIC cluster? (Choose two.)
A. VRFs
B. NAT
C. ipfilter
D. ACLs
E. route maps
Correct Answer: C

 

QUESTION 8
An organization leverages a multivendor network to sell connectivity services using Layer 3 VPN and
VPLS. Where possible, the organization wants to use common APIs across vendors, in order to automate
the configuration of network services.
Which technology should the organization consider for the southbound interface?
A. BGP-LS
B. OpFlex
C. OpenFlow
D. NETCONF
E. PCEP
Correct Answer: D

 

QUESTION 9
Which two data representation formats are used in RESTCONF? (Choose two.)
A. HTML
B. YAML
C. XML
D. GML
E. ASN.1
F. JSON
Correct Answer: AB

 

QUESTION 10
Which two statements about YANG are true? (Choose two.)
A. YANG was conceptualized by Jerry Yang, former CEO of Yahoo.
B. YANG provides security beyond SSL 3.0.
C. YANG can be executed similarly to a Python script.
D. YANG is used by NETCONF to define objects and data in requests and replies.
E. YANG represents configuration, operational, and RPC data.
Correct Answer: DE

 

QUESTION 11
Which concept should you use when trying to improve a frequently repeated and predictable manual
process?
A. scalability
B. lifecycle management
C. deployment
D. orchestration
E. automation
Correct Answer: A

 

QUESTION 12
Which command tests a REST API?
A. nc
B. tcpdump
C. curl
D. telnet
Correct Answer: B

 

QUESTION 13
Which two tools help you to program against Nexus APIs? (Choose two.)
A. Jenkins
B. Cisco Nexus 1000v
C. VIRL
D. DevNet sandboxes
E. Cisco Open SDN Controller
Correct Answer: AC

 

QUESTION 14
Which feature enables service function chaining to steer traffic to virtual network functions?
A. GRE
B. VXLAN
C. EH
D. NSH
E. REST
Correct Answer: D

 

QUESTION 15
You want to implement a new feature in a home-grown network automation tool. Because your
development team uses the Agile development methodology, which documentation must you create for
them, in order to put this feature on the roadmap?
A. ROI analysis
B. case study
C. user story
D. SCIPAB breakdown
E. enhancement request
Correct Answer: C

 

QUESTION 16
Which two parts are required for a RESTful API call? (Choose two.)
A. resource
B. parameter
C. method
D. query
E. fragment
Correct Answer: BC

 

QUESTION 17
Which two protocols are examples of southbound APIs? (Choose two.)
A. VXLAN-GPE
B. LLDP
C. NETCONF
D. IPFIX
E. SYSLOG
F. OpFlex
Correct Answer: CF

 

QUESTION 18
Which two northbound protocols are supported by the Cisco NSO Controller? (Choose two)
A. REST
B. SOAP
C. OpenFlow
D. NETCONF
E. PCEP
Correct Answer: AC

 

QUESTION 19
Which statement about sharding in ACI is true?
A. Sharding is the technology that is designed to prevent “split-brain” scenarios in ACI.
B. Sharding is the service that presents the API on a Cisco APIC.
C. Sharding is the mechanism for distributing the database and configuration changes on a Cisco APIC
cluster.
D. Sharding is the distributed topology that is used in ACI (also referred to as spine-leaf).
Correct Answer: B

 

QUESTION 20
After completing the OSC setup wizard, the configuration does not get applied. Which two log files should
you check to determine the errors that occurred? (Choose two.)
A. /var/log/node_config_state.log
B. /var/log/platform_services.log
C. /var/log/ansible.log
D. /var/log/messages.log
E. /var/log/controller.log
Correct Answer: BE

 

QUESTION 21
YANG modeling supports which two comment styles? (Choose two.)
A. A block comment is enclosed within “<–” and “–>”.
B. A single-line comment starts with “#” and ends at the end of the line.
C. A single-line comment starts with “!” and ends at the end of the line.
D. A block comment is enclosed within “/*” and “*/”.
E. A single-line comment starts with “//” and ends at the end of the line.
Correct Answer: C

 

QUESTION 22
How is a service ticket used when constructing a Cisco APIC-EM API request?
A. to identify the service type
B. to identify a service on the controller
C. to determine the request type
D. as a security token
Correct Answer: B

 

QUESTION 23
Which statement about NX-API REST is true?
A. Configuration and state information is stored in the MIT.
B. NX-API REST requires a commercial license to enable.
C. Partial commits are supported.
D. Fault objects may be queried, but event objects cannot be queried.
Correct Answer: C

We offer more ways to make it easier for everyone to learn, and YouTube is the best tool in the video.
Follow channels: https://www.youtube.com/channel/UCTP5RClZrtMxtRkSvIag0DQ get more useful exam content.

Latest Cisco 300-550 YouTube videos:

Thank you for reading! Sharing real and effective exam content is something we insist on doing! If this content helps you, please follow and share! If you want to easily pass the Cisco 300-550 Exam, we recommend: https://www.pass4itsure.com/300-550.html (year-round update! Make sure you try to pass for the first time!)


Pass4itsure Promo Code 15% Off


related: https://www.javacexam.com/real-cisco-ciptv1-300-070-dumps-exam.html

Flydumps EC-COUNCIL 312-50V7 exam questions and answers in PDF are prepared by our experts. Moreover, they are based on the recommended syllabus covering all the EC-COUNCIL 312-50V7 exam objectives. You will find them to be very helpful and precise in the subject matter since all the EC-COUNCIL 312-50V7 exam content is regularly updated and has been checked for accuracy by our team of Microsoft expert professionals.

QUESTION 1
Which of the following countermeasure can specifically protect against both the MAC Flood and MAC Spoofing attacks?
A. Configure Port Security on the switch
B. Configure Port Recon on the switch
C. Configure Switch Mapping
D. Configure Multiple Recognition on the switch
Correct Answer: A
QUESTION 2
Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data
or execute commands in the database.
What technique does Jimmy use to compromise a database?

A. Jimmy can submit user input that executes an operating system command to compromise a target system
B. Jimmy can gain control of system to flood the target system with requests, preventing legitimate users from gaining access
C. Jimmy can utilize an incorrect configuration that leads to access with higher-than expected privilege of the database
D. Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system
Correct Answer: D
QUESTION 3
This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive task for IDS to reassemble all fragments itself, and on a busy system the packet will slip through the IDS onto the network. What is this technique called?
A. IP Routing or Packet Dropping
B. IDS Spoofing or Session Assembly
C. IP Fragmentation or Session Splicing
D. IP Splicing or Packet Reassembly

Correct Answer: C
QUESTION 4
If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization.

How would you prevent such type of attacks?
A. It is impossible to block these attacks
B. Hire the people through third-party job agencies who will vet them for you
C. Conduct thorough background checks before you engage them
D. Investigate their social networking profiles

Correct Answer: C
QUESTION 5
This type of Port Scanning technique splits TCP header into several packets so that the packet filters are not able to detect what the packets intends to do.
A. UDP Scanning
B. IP Fragment Scanning
C. Inverse TCP flag scanning
D. ACK flag scanning
Correct Answer: B
QUESTION 6
Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order to find some information about the target they are attempting to penetrate. How would you call this type of activity?
A. Dumpster Diving
B. Scanning
C. CI Gathering
D. Garbage Scooping
Correct Answer: A
QUESTION 7
Anonymizer sites access the Internet on your behalf, protecting your personal information from disclosure. An anonymizer protects all of your computer’s identifying information while it surfs for you, enabling you to remain at least one step removed from the sites you visit.
You can visit Web sites without allowing anyone to gather information on sites visited by you. Services that provide anonymity disable pop-up windows and cookies, and conceal visitor’s IP address.
These services typically use a proxy server to process each HTTP request. When the user requests a Web page by clicking a hyperlink or typing a URL into their browser, the service retrieves and displays the information using its own server. The remote server (where the requested Web page resides) receives information on the anonymous Web surfing service in place of your information.
In which situations would you want to use anonymizer? (Select 3 answers)
A. Increase your Web browsing bandwidth speed by using Anonymizer
B. To protect your privacy and Identity on the Internet
C. To bypass blocking applications that would prevent access to Web sites or parts of sites that you want to visit.
D. Post negative entries in blogs without revealing your IP identity
Correct Answer: BCD
QUESTION 8
What type of attack is shown in the following diagram?

A. Man-in-the-Middle (MiTM) Attack
B. Session Hijacking Attack
C. SSL Spoofing Attack
D. Identity Stealing Attack

Correct Answer: A
QUESTION 9
Jack Hacker wants to break into Brown Co.’s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him ”just to double check our records.” Jane does not suspect anything amiss, and parts with her password. Jack can now access Brown Co.’s computers with a valid user name and password, to steal the cookie recipe. What kind of attack is being illustrated here?
A. Reverse Psychology
B. Reverse Engineering
C. Social Engineering
D. Spoofing Identity
E. Faking Identity
Correct Answer: C
QUESTION 10
How do you defend against ARP Spoofing? Select three.
A. Use ARPWALL system and block ARP spoofing attacks
B. Tune IDS Sensors to look for large amount of ARP traffic on local subnets
C. Use private VLANS
D. Place static ARP entries on servers, workstation and routers
Correct Answer: ACD
QUESTION 11
TCP SYN Flood attack uses the three-way handshake mechanism.
1. An attacker at system A sends a SYN packet to victim at system B.
2. System B sends a SYN/ACK packet to victim A.
3. As a normal three-way handshake mechanism system A should send an ACK packet to system B, however, system A does not send an ACK packet to system B. In this case client B is waiting for an ACK packet from client A.
This status of client B is called _________________
A. “half-closed”
B. “half open”
C. “full-open”
D. “xmas-open”
Correct Answer: B
QUESTION 12
Lori is a Certified Ethical Hacker as well as a Certified Hacking Forensics Investigator working as an IT security consultant. Lori has been hired on by Kiley Innovators, a large marketing firm that recently underwent a string of thefts and corporate espionage incidents. Lori is told that a rival marketing company came out with an exact duplicate product right before Kiley Innovators was about to release it. The executive team believes that an employee is leaking information to the rival company. Lori questions all employees, reviews server logs, and firewall logs; after which she finds nothing. Lori is then given permission to search through the corporate email system. She searches by email being sent to and sent from the rival marketing company.
She finds one employee that appears to be sending very large emails to this other marketing company, even though they should have no reason to be communicating with them. Lori tracks down the actual emails sent and upon opening them, only finds picture files attached to them. These files seem perfectly harmless, usually containing some kind of joke. Lori decides to use some special software to further examine the pictures and finds that each one had hidden text that was stored in each picture.
What technique was used by the Kiley Innovators employee to send information to the rival marketing company?
A. The Kiley Innovators employee used cryptography to hide the information in the emails sent
B. The method used by the employee to hide the information was logical watermarking
C. The employee used steganography to hide information in the picture attachments
D. By using the pictures to hide information, the employee utilized picture fuzzing
Correct Answer: C
QUESTION 13
You run an nmap port scan on 10.0.0.5 and attempt to gain banner/server information from services running on ports 21, 110 and 123.
Here is the output of your scan results:

Which of the following nmap commands did you run?
A. nmap -A -sV -p21,110,123 10.0.0.5
B. nmap -F -sV -p21,110,123 10.0.0.5
C. nmap -O -sV -p21,110,123 10.0.0.5
D. nmap -T -sV -p21,110,123 10.0.0.5
Correct Answer: C
QUESTION 14
How do you defend against Privilege Escalation?
A. Use encryption to protect sensitive data
B. Restrict the interactive logon privileges
C. Run services as unprivileged accounts
D. Allow security settings of IE to zero or Low
E. Run users and applications on the least privileges
Correct Answer: ABCE
QUESTION 15
What does ICMP (type 11, code 0) denote?
A. Source Quench
B. Destination Unreachable
C. Time Exceeded
D. Unknown Type
Correct Answer: C
QUESTION 16
You are the security administrator of Jaco Banking Systems located in Boston. You are setting up the authentication system for the e-banking website (http://www.ejacobank.com). Instead of issuing each banking customer a single password, you give them a printed list of 100 unique passwords. Each time the customer needs to log into the e-banking system website, the customer enters the next password on the list. If someone sees them type the password using shoulder surfing, MiTM or keyloggers, then no damage is done because the password will not be accepted a second time. Once the list of 100 passwords is almost finished, the system automatically sends out a new password list by encrypted e-mail to the customer.
You are confident that this security implementation will protect the customer from password abuse.
Two months later, a group of hackers called “HackJihad” found a way to access the one-time password list issued to customers of Jaco Banking Systems. The hackers set up a fake website (http://www.e-jacobank.com) and used phishing attacks to direct ignorant customers to it. The fake website asked users for their e-banking username and password, and the next unused entry from their one-time password sheet. The hackers collected 200 customers’ usernames/passwords this way. They transferred money from the customers’ bank accounts to various offshore accounts. Your decision of password policy implementation has cost the bank USD 925,000, lost to hackers. You immediately shut down the e-banking website while figuring out the next best security solution.
What effective security solution will you recommend in this case?
A. Implement Biometrics based password authentication system. Record the customers face image to the authentication database
B. Configure your firewall to block logon attempts of more than three wrong tries
C. Enable a complex password policy of 20 characters and ask the user to change the password immediately after they logon and do not store password histories
D. Implement RSA SecureID based authentication system
Correct Answer: D
QUESTION 17
More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers; it basically hides the true nature of the shellcode in different disguises.
How does a polymorphic shellcode work?
A. They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode
B. They convert the shellcode into Unicode, using loader to convert back to machine code then executing them
C. They reverse the working instructions into opposite order by masking the IDS signatures
D. They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode
Correct Answer: A
QUESTION 18
SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections. The signature of attack for SYN Flood contains:
A. The source and destination address having the same value
B. A large number of SYN packets appearing on a network without the corresponding reply packets
C. The source and destination port numbers having the same value
D. A large number of SYN packets appearing on a network with the corresponding reply packets
Correct Answer: B
QUESTION 19
Which of the following types of scanning utilizes an automated process of proactively identifying vulnerabilities of the computing systems present on a network?
A. Port Scanning
B. Single Scanning
C. External Scanning
D. Vulnerability Scanning
Correct Answer: D
QUESTION 20
The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:

The user is prompted to enter the name of a city on a Web form. If she enters Chicago, the query assembled by the script looks similar to the following:
SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago'
How will you delete the OrdersTable from the database using SQL Injection?

A. Chicago'; drop table OrdersTable --
B. Delete table'blah'; OrdersTable --
C. EXEC; SELECT * OrdersTable > DROP --
D. cmdshell'; 'del c:\sql\mydb\OrdersTable' //
Correct Answer: A
QUESTION 21

Well-regarded for its level of detail, assessment features, and challenging review questions and hands-on exercises, EC-COUNCIL 312-50V7 helps you master the concepts and techniques that will enable you to succeed on the EC-COUNCIL 312-50V7 exam the first time.